CVE-2024-49021

Published: Nov 12, 2024Modified: Nov 15, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: secure@microsoft.com (Secondary)

Description

Microsoft SQL Server Remote Code Execution Vulnerability

Affected (8)

Products: Microsoft: Sql Server 2016, Sql Server 2017, Sql Server 2019, Sql Server 2022

4 products

Sql Server 2016

Sql Server 2017

Sql Server 2019

Sql Server 2022

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Microsoft Sql Server 2016	From 13.0.6300.2 to 13.0.6455.2
Microsoft Sql Server 2016	From 13.0.7000.253 to 13.0.7050.2
Microsoft Sql Server 2017	From 14.0.1000.169 to 14.0.2070.1
Microsoft Sql Server 2017	From 14.0.3006.16 to 14.0.3485.1
Microsoft Sql Server 2019	From 15.0.2000.5 to 15.0.2130.3
Microsoft Sql Server 2019	From 15.0.4003.23 to 15.0.4410.1
Microsoft Sql Server 2022	From 16.0.1000.6 to 16.0.1135.2
Microsoft Sql Server 2022	From 16.0.4003.1 to 16.0.4155.4

Related CWEs

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (1)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49021

Source: secure@microsoft.com

PatchVendor Advisory

Timeline

No history available yet.